Last updated: 29th August 2025
Controller for processing on this website and the marketplace within the meaning of the GDPR:
Coderizo LLC
7901 4th Street North, STE 300
St. Petersburg, Florida 33702
United States of America
Email: contact@coderizo.com
Rapid/direct contact: contact form
EU representative pursuant to Art. 27 GDPR
Martin Schlotfeldt
Hinter dem Dorfe 3
31234 Edemissen
Germany
Email: dsa@coderizo.com
Tel.: +49 1567 9039512
No Data Protection Officer has been appointed because the legal criteria under Art. 37 GDPR and § 38 BDSG are not met.
B2B notice: Our services are offered exclusively to business customers. We may process personal data of customer/vendor contact persons (e.g., name, business email, phone, role) for contract initiation and performance.
We process our visitors’ / customers’ personal data only to the extent necessary to provide a functional online shop and our content and services. Processing is carried out on the basis of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable legal provisions.
Our shop is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. We have concluded a data processing agreement pursuant to Art. 28 GDPR with Hetzner. In the course of hosting, all data that are necessary for the operation and delivery of our online service are processed (website content, databases, uploads, meta/communication data, server logs). The legal basis is Art. 6 (1)(f) GDPR (legitimate interests in secure and efficient provision of our online service) and, where a contract with you exists, Art. 6 (1)(b) GDPR.
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling device:
The data are stored in log files for 30 days and then automatically deleted. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in the technical stability and security of the server).
We use only technically necessary cookies:
| Cookie | Purpose | Storage period |
|---|---|---|
coderizo_session | User session ID | End of session / 2 hours of inactivity |
XSRF-TOKEN | Protection against cross-site request forgery | End of session / 2 hours of inactivity |
laravel_cookie_consent | Cookie notice acknowledged | 400 days |
_GRECAPTCHA | Spam protection (Google reCAPTCHA) | 6 months |
No consent under Art. 6 (1)(a) GDPR is required for these technically necessary cookies. We do not use analytics, tracking or marketing cookies.
To secure registration and the contact form we use Google reCAPTCHA (currently v3) provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The service distinguishes whether an input is made by a human or improperly by automated processing, thus protecting our systems from spam and attacks. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in protecting our online services).
In the course of the check, technical and usage information (e.g. IP address, time spent on the page, mouse/keyboard interactions) is transmitted to Google; transfer to Google LLC in the USA may occur. Google LLC participates in the EU–US Data Privacy Framework (DPF). Where required, we additionally rely on the EU Commission’s Standard Contractual Clauses (Art. 46 GDPR).
Further details are available in Google’s Privacy Policy and Terms of Service.
When you create a customer account, we process the following data:
Mandatory details for a B2B invoice (e.g. company name, VAT ID no., billing address) are also collected when an order is placed. The legal basis is Art. 6 (1)(b) GDPR (contract initiation and performance).
For vendors who list plugins on our marketplace, we collect and verify business information (e.g., company name, address, contact details, payment account details, tax/VAT numbers, and evidence supporting the business identity) in order to set up and administer the vendor account, prevent abuse/fraud, and meet marketplace compliance expectations. The legal bases are Art. 6 (1)(b) GDPR (contract) and Art. 6 (1)(f) GDPR (our legitimate interests in safeguarding platform integrity and preventing fraud). Data are retained for the duration of the vendor relationship and statutory retention periods.
We process payments via Stripe. Because we use a Stripe US account, payment data are transmitted to Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA. Depending on your location and the product used, certain processing may also be carried out by Stripe Payments Europe, Limited (SPEL) (Ireland) – see Stripe’s Privacy Center for details on which Stripe entity is responsible in a given scenario.
Processed data typically include transaction details (amount, currency, method), masked card data, name, billing address, IP address, device data and fraud-prevention signals. Stripe may act as our processor and/or as an independent controller for risk, compliance and regulatory purposes.
International transfers: Transfers to the USA occur. Stripe, Inc. participates in the EU–US Data Privacy Framework (DPF); where required, Stripe also relies on the EU Commission’s Standard Contractual Clauses (SCCs). Further information is available in Stripe’s Privacy Center.
Legal bases: Art. 6 (1)(b) GDPR (payment processing for the contract) and Art. 6 (1)(f) GDPR (fraud prevention and platform security). Retention: Payment records are stored for 10 years to comply with statutory retention requirements.
We generate invoices and manage accounting records directly within our platform. For this purpose, we process billing and contract data (e.g., company name, address, VAT ID, contact details, order details, invoice number, amounts, payment status, and related audit trails). Where applicable, documents may contain the name and business contact details of your contact person.
Legal bases: Art. 6 (1)(b) GDPR (performance of the contract) and Art. 6 (1)(c) GDPR (compliance with statutory tax/commercial retention obligations).
Retention: Invoice and accounting data are retained for 10 years in accordance with statutory requirements (e.g., § 147 AO, § 257 HGB).
Storage/Transfers: Data are stored on our own systems as described under “Hosting”. No third-country transfers occur for invoicing/accounting beyond those described under “Payment Processing (Stripe)”.
When you use our contact form, we process:
The data are processed solely for handling your enquiry (Art. 6 (1)(f) GDPR). Support emails are archived for 6 years in accordance with applicable statutory retention requirements (e.g., tax/commercial law).
If you subscribe to our newsletter, we process your email address on the basis of your consent (Art. 6 (1)(a) GDPR). The newsletter is sent via our own system; you can unsubscribe at any time via the link included in every email.
We delete personal data as soon as the purpose of the storage no longer applies and statutory retention periods do not prevent deletion.
Without prejudice to other administrative or judicial remedies, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement.
Supervisory authority for matters relating to our EU representative:
Die Landesbeauftragte für den Datenschutz Niedersachsen (LfD Niedersachsen)
Prinzenstraße 5, 30159 Hannover, Germany
Tel.: +49 511 120-4500 — www.lfd.niedersachsen.de
Our services are intended for business users. We do not knowingly offer services to, or target, children under the age of 16.
Where service providers in the USA are involved (e.g., Google LLC, Stripe, Inc.), we rely—where available—on the EU–US Data Privacy Framework certification of the respective US entity; where this is not sufficient for the specific transfer, we additionally use the EU Commission’s Standard Contractual Clauses (Art. 46 GDPR) and implement supplementary measures as needed. For transfers to the United Kingdom, we rely on the UK adequacy regulations and/or the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as applicable.
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services. The version published at the time of your visit shall apply.